CVE-2024-6387 PoC — OpenSSH Security Vulnerability

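Associated Vulnerability
Title: OpenSSH Security Vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from the Canada-based OpenBSD project for securely accessing remote computers. It is an open-source implementation of the SSH protocol that supports encrypting all traffic, effectively preventing eavesdropping, connection hijacking, and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker can exploit it to execute arbitrary code remotely without authentication and gain control of the system.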
Description
This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.
Readme
# CVE-2024-6387 Vulnerability Checker

### Overview
This Python script checks SSH servers for CVE-2024-6387, the recently discovered **regreSSHion** vulnerability, which affects specific versions of OpenSSH. The tool supports multiple IP addresses, URLs, CIDR ranges, and ports, and can also read addresses from a file. Results are grouped by category and color-coded for readability.

![regreSSHion](https://ik.imagekit.io/qualys/wp-content/uploads/2024/06/Q-regreSSHion-1200x628-1-1070x560.jpg)

Created by **Filipi Pires - Senior Threat Researcher & Cybersecurity Advocate**

### Features
- **Customizable**: Specify multiple IP addresses, URLs, CIDR ranges, and ports.
- **File Input Support**: Read addresses and ranges from a file.
- **Color-Coded Output**: Easily distinguish between vulnerable, safe, unknown, and error results.
- **Network Range Handling**: Automatically expands CIDR ranges into individual IP addresses.

### Output

* SAFE: Non-vulnerable servers.
* VULNERABLE: Servers running a vulnerable version of OpenSSH.
* UNKNOWN: Servers with an unknown SSH version.
* ERROR: Servers that could not be accessed or resolved.
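
The sketch below shows how the SAFE / VULNERABLE / UNKNOWN labels can be derived, assuming the check is based on the version in the server's SSH identification string. It is an added example, not the repository's script: `classify_banner`, `triage` and the sample banners are hypothetical, and the version ranges come from the Qualys advisory listed under References, not from this README.

```python
import re

# Affected upstream ranges per the Qualys regreSSHion advisory (assumption:
# not stated in this README): < 4.4p1 affected, 4.4p1 to < 8.5p1 not
# affected, 8.5p1 to < 9.8p1 affected, 9.8p1 and later fixed.
BANNER_RE = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:\.\d+)?(?:p\d+)?(.*)$")


def classify_banner(banner):
    """Return (status, note) for one SSH identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        # Not OpenSSH, or the version is hidden or in another format.
        return "UNKNOWN", "no OpenSSH version in banner"
    version = (int(m.group(1)), int(m.group(2)))
    suffix = m.group(3).strip()
    if version < (4, 4) or (8, 5) <= version < (9, 8):
        note = "upstream version in affected range"
        if suffix:
            # Distributions backport fixes without bumping the upstream
            # version, so the banner alone cannot confirm exposure.
            note += "; vendor build '%s', verify package patch level" % suffix
        return "VULNERABLE", note
    return "SAFE", "upstream version outside affected range"


SAMPLE_BANNERS = {  # constructed sample data, not real scan output
    "192.0.2.10": "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3",
    "192.0.2.11": "SSH-2.0-OpenSSH_8.4p1",
    "192.0.2.12": "SSH-2.0-OpenSSH_9.8p1",
    "192.0.2.13": "SSH-2.0-dropbear_2022.83",
    "192.0.2.14": "SSH-1.99-OpenSSH_4.3",
}


def triage(banners):
    """Group hosts by status, mirroring the tool's output categories."""
    report = {"VULNERABLE": [], "SAFE": [], "UNKNOWN": []}
    for host, banner in sorted(banners.items()):
        status, note = classify_banner(banner)
        report[status].append((host, note))
    return report


if __name__ == "__main__":
    for status, rows in triage(SAMPLE_BANNERS).items():
        for host, note in rows:
            print(f"{status:<10} {host}  {note}")
```

A banner match is a first-pass triage signal: confirm any VULNERABLE result against the installed package version before scheduling remediation.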

---

### Usage
### Command Line 

To run the script with multiple IPs, URLs, or CIDR ranges directly from the command line:
```
python3 CVE-2024-6387-Vulnerability-Checker.py <addresses> -p <ports> -t <timeout> 
```
* addresses: IP addresses, URLs, or CIDR ranges to check (space-separated).

* -p, --ports: Comma-separated list of port numbers for SSH (default: 22).

* -t, --timeout: Connection timeout in seconds (default: 5.0).

<img width="732" alt="image" src="https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker/assets/31785433/ed30e62a-3fff-4c40-8751-9a1bdd18adc1">

### From a File

To run the script with addresses specified in a file:
```
python3 CVE-2024-6387-Vulnerability-Checker.py -f <filename> -p <ports> -t <timeout>
```
* filename: File containing a list of IP addresses or CIDR ranges.

<img width="870" alt="image" src="https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker/assets/31785433/14eb7210-eb02-4d7e-bf36-f05fa3b08759">

### Example Usage

To check multiple IPs, URLs, or CIDR ranges directly from the command line:

```
python3 CVE-2024-6387-Vulnerability-Checker.py 192.168.1.1 192.168.1.2 192.168.1.0/24 example.com -p 22,2222 -t 5.0
```

To check addresses from a file:
```
python3 CVE-2024-6387-Vulnerability-Checker.py -f addresses.txt -p 22,2222 -t 5.0
```

Example addresses.txt file:
```
192.168.1.1
example.com
192.168.1.0/24
```
---

## Contributing

### Contributions are welcome! Please follow these steps to contribute:

**1. Fork the Repository:** Click the **"Fork"** button at the top right of this page.

**2. Clone Your Fork:** Clone your forked repository to your local machine:
```
git clone https://github.com/YOUR_USERNAME/CVE-2024-6387-Vulnerability-Checker.git
cd CVE-2024-6387-Vulnerability-Checker
```
**3. Create a Branch:** Create a new branch for your feature or bugfix.
```
git checkout -b my-feature-branch
```

**4. Make Changes:** Make your changes to the code.

**5. Commit Your Changes:** Commit your changes with a descriptive commit message.
```
git add .
git commit -m "Description of the changes"
```

**6. Push Your Branch:** Push your branch to your forked repository.

```
git push origin my-feature-branch
```

**7. Create a Pull Request:** Go to the original repository on GitHub, and click **"New Pull Request"**. 
Select your branch from the compare dropdown, and submit your pull request.

---

### Launch

[July 09th-2024]
-  First Version - Launch

[August 28th-2024]
-  Repository Updated
---
### References
[Qualys's Blog - regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server](https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server)
File Snapshot

```
[4.0K] /data/pocs/be41adf44b82837fa2b58e3a3c24042c72b32dd2
├── [1.1K] LICENSE
└── [3.9K] README.md

0 directories, 2 files
```